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ABSTRACT 



The terminal includes a terminal module (1) and a personal 
security device (31). The terminal module (1) is adapted to 
receive high-level requests from an application (Fap) 
installed on an electronic unit. The high-level requests are 
independent of the personal security device (31). 

The terminal module (1) and/or the personal security device 
(31) includes a reprogrammable memory for storing and a 
unit for executing a filter program (F) translating the high- 
level requests into at least one of either (i) at least one 
sequence of exchanges of data between the terminal module 
(1) and the user or (ii) a sequence of at least one elementary 
command that can be executed by the personal security 
device, together with a unit for protecting the filter program 
(F, 62) to prevent any modification of the filter program by 
an unauthorized entity. The filter program includes a unit for 
identifying and/or authenticating the source of requests sent 
by the application (Fap) installed in the electronic unit. 

40 Claims, 14 Drawing Sheets 
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TERMINAL AND SYSTEM FOR 
PERFORMING SECURE ELECTRONIC 
TRANSACTIONS 



BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention concerns a terminal and a system 
for performing secure electronic transactions. 

2. Description of the Related Art 

Public digital data transmission networks, such as the 
Internet, are expanding at a considerable: rate. However, the 
performing of secure electronic transfers on this type of 
network is currently being hampered, among other things, 
by the lack of security mechanisms associated with such 
transactions, reflected in a lack of confidence on the part of 
network users and operators. 

In the context of this application: 
an electronic transaction designates an exchange of infor- 
mation via a public digital data transmission or tele- 
communication network, either between two or more 
users or between a user and a service provider, 
a function is a process carried out in order to render a 

service to a user, 
an application designates a consistent set of services and 
functions, 

the expression "application software" designates the soft- 
ware needed to perform the functions relating to a 
given application, and 
a secure transaction is a transaction for which security 
measures are implemented, namely authentication of 
the entities participating in the transaction, integrity, 
confidentiality, authenticity and possibly non- 
repudiation of exchanges and operations effected in the 
context of the transaction. 
Many applications require secure electronic transactions. 
Examples are controlling access to computer or similar 
resources, home banking (statements, transfers between 
accounts, etc . . . via the telephone network or the Internet), 
electronic trading (purchase of goods or services via a public 
network), electronic mail, electronic purse, etc. 

These and other applications requiring secure transactions 
are well known to the skilled person and are not described 
in detail here. 

Depending on their nature, rendering such applications 
secure necessitates the use of one or more security services 
such as: 

authentication, to guarantee the identity of an entity (a 
person or a system); 

access control, protecting against unauthorised use or 
manipulation of resources; 

confidentiality, prohibiting disclosure of data to unautho- 
rised entities; 

data integrity, which assures that data has not been 
modified, deleted or substituted without authorisation, 
and 

non-repudiation, which assures that a participant in an 
exchange of data cannot subsequently deny the exist- 
ence of the exchange. 
The combination of two existing techniques makes it 
feasible to employ the above security services, so offering a 
sufficient level of security for the performance of electronic 
transactions. 
These are: 
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public key and private key cryptography, because it 
guarantees non- repudiation and facilitates management 
of keys; and 

the integrated circuit (or smart) card, because it is rela- 
tively inexpensive, easy to use and reliable because it 
uses dedicated microprocessors with hardware and 
software protection features so that read and write 
mode access to their memory can be barred. 

Integrated circuit cards offer the following services: 

authentication of the cardholder or user: this operation 
authenticates the cardholder by means of a confidential 
code after which the card allows operations such as 
executing algorithms, reading secret keys, reading or 
writing data on the card, which can also be subject to 
other security conditions; 

protection of data and functions stored on the integrated 
circuit card. Access to the card can be subject to prior 
authentication of the electronic entity requesting to 
access it. This external authentication is generally 
effected in challenge/response mode. In this case the 
entity has a secret parameter, hereinafter also called the 
secret, enabling it to calculate, depending on a chal- 
lenge issued by the card, a response that will prove to 
the card that it is in possession of the secret; 

execution of cryptographic algorithms using a secret 
parameter stored on the card (encipherment, message 
authentication, signature); and 

internal authentication. This service enables an applica- 
tion to authenticate the card. This service is the inverse 
of external authentication. The card generates a 
response to a challenge received, using a secret stored 
on the card. 

The services offered by means of the integrated circuit 
card are performed on receipt of so-called elementary 
commands, execution of the elementary command causing 
the sending of elementary responses. The elementary com- 
mands concern, for example, cryptographic calculations, 
reading or writing of secret or other data, intervention of the 
user (entry of their personal confidential code (PIN), vali- 
dation of a transaction after signature), and return of infor- 
mation to the user (display of messages to be signed, for 
example). 

Some cards offer the facility to verify the integrity, source 
and even the confidentiality of commands sent to the card. 
These services are based on techniques of authenticating and 
enciphering the commands. 

The current use of integrated circuit (or microcircuit) 
cards offers a very high level of security because the 
transactions are essentially performed on private networks 
and terminals (automatic teller machines, point of sale 
terminals, for example) which are under the control of an 
entity assuring the security of the system as a whole. 

In such applications, users or abusers do not have access 
to the application software or to the hardware and software 
security mechanisms of the terminals. 

In contrast, performing secure transactions using inte- 
grated circuit cards on a public network presupposes that 
users have access to a card reader terminal module, given 
that microcircuit cards do not have their own electrical 
power supply and that using them requires a reader that can 
power them up and establish communication with the user 
and/or external electronic means. 

At present, to perform a transaction on a public network, 
the user employs a terminal that can be a dedicated product, 
a personal computer or a personal computer connected to an 
integrated circuit card by a card reader. 
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In all cases, the transaction system accessible to the user 
generally comprises: 

an application service provider, for example an Internet 

browser, an electronic mail program, a home banking 

program, s 
a high-level security service provider enabling execution 

of low-level cryptographic mechanisms required by the 

application. 

The application service provider issues requests for high- 
level security services to assure the security of the tr ansae- 10 
lions performed. 

If the application is installed on the user's personal 
computer, the cryptographic services referred to are, for 
example, those defined by RSA laboratories in its standard 
"PKCS 11: Cryptographic Token Interface Standard" or the is 
cryptographic services offered by the Microsoft Windows 
NT operating system, in particular those available via the 
"Crypto API" application program interface (API)- 

If the user does not have an integral microcircuit card 
reader, the cryptographic services are effected entirely by 20 
software. 

If the user wishes to enhance security, they use a trans- 
parent type integrated circuit card reader connected to their 
computer A transparent type card reader is in fact an 
interface module between the computer and the integrated 25 
circuit card for transmitting elementary commands from the 
computer, originating from the cryptographic service 
provider, to the card, and elementary responses from the 
card to the computer. Using this terminal, consisting of their 
terminal module-computer+reader-coupled to their card, a 30 
user can perform electronic transactions (electronic 
shopping, for example). 

Of course, access of users to a terminal of this kind 
generates potential security risks. 

The more decentralised the applications the greater the 35 
risk. Conversely, the better the control of the risks at the 
terminal end, the more decentralised can the applications be. 
Consider purse type applications, for example, in which 
transactions (purchaser card debit/merchant card credit) are 
effected card-to-card, without requiring consolidation of the 40 
transactions at the level of a centralised server. 

It follows from the foregoing discussion that a terminal 
can potentially contain a set of information (or even 
software) on whose confidentiality and integrity the security 
of the application relies. Consider, for example, secret keys 45 
used to authenticate the terminal modules vis a vis the card 
or to encipher data transferred between a server and the card 
reader terminal module. An abuser with access to the ter- 
minal can analyse its operation and obtain access to the 
confidential information and software. 50 

Note also that the applications referred to here, such as 
electronic shopping and electronic mail, are usually per- 
formed via the Internet. Experts are well aware that a 
personal computer (PC) connected to the Internet is highly 
vulnerable to viruses which can be installed and execute on 55 
the user's PC without them knowing it and without them 
allowing physical access to their computer to anyone at all. 
The totally invisible nature of this type of threat is the real 
danger currently limiting the deployment of transaction- 
based applications using the Internet. The same comments <jo 
apply to electronic shopping applications on cable TV 
networks using set-top boxes connected to the TV set and 
incorporating one or two smart card readers. 

The system level risks are then: 

Attack on the integrity of the cryptographic service pro- 65 
vider and the application service provider with the aim 
of modifying the behaviour of the terminal module: for 



436 Bl 

4 

example, the terminal module is modified to capture 
information associated with the card and to store the 
information obtained for subsequent communication to 
a counterfeit server. This attack can be carried out 
unknown to the legitimate user (substitution of the 
user's terminal module or loan of a modified terminal 
module). This attack can then be generalised by circu- 
lating counterfeit terminal modules. 

Attack on the confidentiality of the cryptographic service 
provider, with the aim of obtaining the cryptographic 
keys they use, which arc stored on the hard disk of a 
computer, for example. 

Attack on other cards, based on the ability to authenticate 
the abuse vis a vis other cards by virtue of the secrets 
discovered by attacking the confidentiality of the ser- 
vice provider. 

Attack on the integrity and the confidentiality of commu- 
nications between the various entities (application ser- 
vice providers, cryptographic service providers, inte- 
grated circuit card reader, integrated circuit card, 
server) to break the chain of confidence established 
between these elements. For example: 

1 — deciphering communications between server and 
terminals; 

2 — inserting third party software between the applica- 
tion service provider and the cryptographic service 
provider to break the chain of confidence between 
these two programs or to substitute for the applica- 
tion software third party software causing the secu- 
rity service provider to execute security requests 
with a different aim to that of the application known 
to the user. 

Attack on servers (in the case of an on-line application): 
connection of a counterfeit terminal to a server, emu- 
lation of a terminal module/integrated circuit card 
combination to obtain advantages. 

An attack on the chain of confidence between the cryp- 
tographic service provider and the application service pro- 
vider in the context of an application requiring an electronic 
transaction using an integrated circuit card to be signed is 
illustrated hereinafter. The transaction proceeds as follows: 

Step 1: verification of the personal confidential code 
(PIN) of the user, entered by the latter via a keypad 
associated with their terminal module, the code entered 
being sent to the card for verification by the latter. 

Step 2: authentication of the terminal module. The latter 
sends a "challenge request" command (a challenge is a 
random or pseudo-random number). The integrated 
circuit card generates the challenge and sends it to the 
terminal module. The terminal module sends the card 
an "external authentication" command accompanied by 
a response consisting of the challenge enciphered by a 
key held by the terminal module. The integrated circuit 
card then verifies the response received. 

Step 3: if steps 1 and 2 are executed satisfactorily, the 
integrated circuit card is ready to receive and to execute 
the signature command, i.e. command of encipherment, 
using a private key stored on the card, of the result of 
a hashing operation performed on the transaction 
entered by the user. After this encipherment the card 
sends to the terminal module the signature consisting of 
the result of the hashing operation enciphered in this 
way. 

If the integrity of the application software (application 
service provider and its cryptographic service provider) is 
not assured, a hacker does not need to know the secret code 
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and keys to pirate the transaction system; all that is neces- 
sary is to implant in the terminal module, for example the 
personal computer to which an integrated circuit card reader 
is connected, virus type software which in step 3 diverts the 
authentic data to be signed and sends falsified data to the 
card. Given that steps 1 and 2 have been executed in a 
satisfactory manner, the card will then sign the falsified data 
on the basis of the PIN that the user has entered and the user 
will believe that the card is about to sign their own data. 

The preceding example shows the necessity of protecting 
not only the confidential information used in the context of 
a transaction but also the integrity of the transaction, i.e. the 
integrity of the behaviour of each entity involved in the 
transaction, together with the integrity of the behaviour of all 
of the software, assuring that the chain of confidence estab- 
lished between the various entities is broken. 

The risks of attack mentioned hereinabove are currently 
covered in part by terminals — integrated circuit card readers 
integrating security modules (SAM, similar to an integrated 
circuit card) used in the context of purse applications in 
particular. The reader is then personalised by a SAM and 
assigned to a merchant, the cards read being those of 
customers. The SAM contains secret information and is able 
to execute algorithms using the secret information. 
However, it does not contain means for controlling commu- 
nication with the user, with the integrated circuit card and/or 
with external electronic means, and for this reason the 
security of transactions is not assured. 

Document WO 95/04328 discloses a terminal module 
comprising user interface means and interface means to 
external electronic means (hereinafter called external inter- 
face means) including an interface with a microcircuit card. 
The microprocessor of the terminal module comprises data 
storage means (ROM, EEPROM, RAM). The data stored in 
permanent memory (ROM) includes an operating system, 
managers of external components controlling the interfaces 
and peripheral devices, and an interpreter capable of inter- 
preting program modules written in a specific language. The 
program modules are stored in the semi-permanent memory 
EEPROM and can be loaded into temporary memory RAM 
to be executed by the microprocessor on activation of an 
appropriate interface by the user. The program modules 
corresponding to the applications of the terminal module are 
downloaded into the EEPROM of the microprocessor or into 
a microcircuit card from an external server. 

The terminal module of document WO 95/04328 can 
operate: 

in autonomous terminal module mode, the microproces- 
sor of the terminal module executing a program module 
stored in an internal memory without calling on an 
integrated circuit card; 
in autonomous terminal mode, in which a program mod- 
ule stored on a card is executed; 
in extended terminal mode or on-line mode, in which the 
microprocessor of the terminal module or that of the 
card executes a program module and communication is 
established via the telephone, a modem or a direct 
connection to a service provider or a server; and 
in transparent memory card reader mode, in which 
instructions received over a serial link are sent directly 
to the card and vice versa. 
The terminal described in document WO 95/04328 does 
not deal with security problems addressed by the invention 
in that there is no description of how to secure a transaction 
to guarantee the integrity of the behaviour of all of the 
software executing the transaction. In particular there is no 
description of means for executing high-level requests 
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issued by the application or how lo guarantee the source, the 
integrity and the confidentiality of such means. 

SUMMARY OF THE INVENTION 

The present invention aims to provide a terminal for 
carrying out secure electronic transactions of the type com- 
prising a personal security device such as an integrated 
circuit card or other device fulfilling the same functions and 
a terminal module provided with means of interfacing the 
personal security device, such as an integrated circuit card 
reader, and offering by virtue of its software and/or hardware 
architecture and the security mechanisms that it includes an 
enhanced level of security compatible with the fact that the 
terminal can be under the control of users (as opposed to 
terminals under the control of the operators). 

A second objective of the invention is to assure this same 
level of security whilst enabling integration, during use, of 
new functions or applications, or modification of existing 
functions or applications without having recourse to a mul- 
titude of different terminal modules and without changing 
terminal modules to effect such modifications. 

To this end, the invention consists in a terminal for 
execution of secure electronic transactions by a user in 
conjunction with at least one application installed on an 
electronic unit, said terminal comprising: 
a terminal module including at least: 

first interface means with said application for receiving 

from it requests relating to said transactions, 
second interface means with said user; 
third interface means with a personal security device, 
first data processing means comprising at least first 
software means for controlling said interface means, 
and 

a personal security device including at least second secure 
data processing means comprising at least second soft- 
ware means for executing elementary commands and 
means for executing cryptographic computations, char- 
acterised in that: 

said terminal is adapted to receive said requests from said 
application installed on said electronic unit in the form 
of high-level requests independent of said personal 
security device, 

at least one of said terminal module and said personal 
security device comprises: 

at least one reprogrammable memory for storing at 
least one filter program translating said high-level 
requests into at least one of either (i) a sequence of 
at least one elementary command for being executed 
by said second software means of said second data 
processing means, or (ii) a sequence of data 
exchanges between said terminal module and said 
user via said second interface means, said data 
exchanges being executed by said first software 
means of said first data processing means, and 

means for protecting said filter software to prevent an 
unauthorised person reading and/or modifying said 
software, and 

at least one of said first and said second data processing 
means comprise a data processing device for executing 
said filter program. 
The invention defined hereinabove achieves the security 
objectives required for carrying out electronic transactions 
by virtue of the fact that it describes a filter or "firewall" 
between the external world, i.e. the applications themselves, 
and the security means and peripheral devices that it 
controls, by means of a logical interface defining the format 
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of high-level requests issued by the applications and of a ment differs from the preceding one in that said program- 
translation software for processing these requests. mable memory is integrated into a secure microprocessor, 
The terminal of the invention preferably comprises one or said filter software being executed in said secure raicropro- 
more of the following features, possibly in combination: ccssor. The dedicated terminal module can be portable, 
said device for executing the filter program comprises first * Depending on the mode of execution of this second 
means for identifying and/or authenticating said appli- embodiment of the invention, the programmable memory 
cation installed on said unit or the source of said for loading and storing the filter software can be in the 
requests sent by said application, personal security device or in the terminal module. In the 

•j , 4 • A f M ^ a an latter case the terminal module can include a single micro - 

said data processing device for executing said filter pro- . , _ . _^ 

gram comprises means for verifying the integrity of 10 processor for executing the filter software and for control- 
data received from said application, hn S tee interfaces or two microprocessors respect.vely 
, . y . , implementing these two functions, 
said data processing device for executing said filter pro- 
gram comprises centralised means for controlling con- BRIEF DESCRIPTION OF THE DRAWINGS 
ditionsofuseofse™ 15 Vark)us cmbodimcnts of thc mvcntion ^ now bc 

in accordance with said application and/or the user, , . r 4 , 

m 4^.uauu ' described with reference to the accompanying drawings, m 

said data processing device for executing said filter pro- particular embodiments in which the filter software is loaded 

gram comprises: anc l exe cuted in the terminal to guarantee its source, its 

means for commanding secured loading of said filter confidentiality and its integrity, the software being also able 

program into said programmable memory via said 20 to authenticate the source of requests sent to it if confidence 

first or said third interface means from an entity m tne interfaces with the user, i.e. the screen and the 

external to said module, and keyboard, cannot be guaranteed, 
first access control means for authorising said loading nG x fe a di showi me architectur e of 

of said filter program only in response to at least one a system for carfying QUt by means of a 

predefined condition, 25 termma] in accordance ^ the mvetl tion; 

the terminal comprises second means for authentication of fig. 2 A shows a first embodiment of the invention in 

said first data processing means by said second data which me terminal & a personal computer connected to an 

processing means, integrated circuit card by a reader, the application being 

the terminal comprises third means for authentication of installed on the personal computer or on a remote server; 
said second data processing means by said first data ™ FIG. 2B explains the functional architecture of one vari- 

processing means, ant of me first embodiment of the invention in which the 

the terminal comprises a first communication channel personal computer serving as a terminal is connected to a 

between said first data processing means and said security server on which the filter software is installed; 
second data processing means and first means for ^ piG. 3 shows a transaction system using a terminal 

securing said first communication channel, constituting a second embodiment of the invention, which 

the terminal comprises fourth means for authentication of C an be a dedicated product connected as a peripheral device 

said terminal module by said user, independently of to a personal computer or directly to a server or based on a 

said card, personal computer; 

said fourth authentication means comprise means for 40 FIG. 4A is a block diagram of the hardware architecture 

calculation by said first data processing means and for 0 f the electronic circuits of a first mode of execution of the 

presentation to said user via said second interface terminal from FIG. 3; 

means of a password known to said user and computed F IG. 4B is a functional diagram illustrating a first soft- 

on the basis of a first secret parameter stored in said first ware architecture configuration of the terminal from FIG. 

data processing means, 45 4^. 

the terminal comprises fifth means for conjoint authenti- pic. 4C is a functional diagram similar to that of FIG. 4B 

cation of said terminal module and said card by said showing a second software architecture configuration of the 

user* and terminal from FIG. 4A; 
said fifth authentication means comprise means for com- FIG. 5 is a block diagram of the hardware architecture of 

putation by said device for executing said filter pro- 50 lhe e i ec tronic circuits of a second mode of execution of the 

gram and for presentation to said user via said second autonomous terminal from FIG. 3; 

interface means of a password known to said use and piG fi fc fl bJock d{ of ^ faardware architecture of 

computed on the basis of at least second and third secret ^ electronic circuits of a mird mode of execution of the 

parameters stored respectively in said first data pro- autonomous tcrminal from na 3. 
cessine means and said second data processing means. 55 ., t A . . . - 

In a first embodiment of the invention the terminal FIG. 7 is a diagram illustrating the conventional software 

, , , . a -a ui architecture of a microcircuit card; 

module is a personal computer and said programmable . . ' 

memory is the hard disk of said computer, said filter soft- FIG - 8A » a d»g«* illustrating the software architecture 

ware is executed on the personal computer, or in a second of a transaction system comprising the terminal from FIG, 

mode of execution said programmable memory is on a 60 ^» 

secure server connected to the personal computer, the part of FIG. 8B is a diagram illustrating the software architecture 

the filter software to be protected being executed on said of a transaction system comprising the terminal from FIG. 6; 
secure server. FIG. 9 is a diagram illustrating the implementation of an 

In a second embodiment of the invention the terminal electronic trading application by means of a system in 

module is a device such as a dedicated integrated circuit card 65 accordance with the invention; 

reader, in which case said personal security device is an FIG. 10 is a flowchart showing the process of download - 

integrated circuit card or a personal computer. This embodi- ing a program into a reprogrammable memory of the ter- 
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minal module from FIG. 4Aor FIG. 5 or of a microcircuit 
card connected to the latter; 

FIG. 11 is a diagram illustrating means for authentication 
of the terminal module; and 

FIG. 12 is a diagram illustrating means for conjoint 
authentication of the terminal module and of the personal 
security device. 

DETAILED DESCRIPTION OF THE 
INVENTION 

Referring to FIG. 1, a system for carrying out secure 
transactions comprises a terminal module 1 for reading an 
integrated circuit card 31 or the like. The terminal module 1 
comprises a filter F consisting of a software module pro- 
cessing high-level requests issued by application service 
providers FAp external to the terminal module 1 by means 
of a logic interface F-API and user interfaces such as a 
display screen 4 and a keyboard 5 enabling a user to read and 
enter data. It also comprises a reader or other communica- 
tion interface 6 with a microcircuit card or any equivalent 
security device personal to the user of the token, "Java Ring" 
(from SUN), "iButton" (from Dallas Semiconductor 
Corporation), or soft token type and communication inter- 
faces with at least one application service provider FAp 
which can be installed on a PC and/or on a server Sap, for 
example, data then being exchanged via a data communi- 
cation or telecommunication network R. 

The terminal module 1 can be a dedicated terminal or 
integrated into a PC or into a network computer (NC) 
dedicated to network applications or into a cable TV net- 
work decoder (Set Top Box). 

The terminal module 1 can perhaps be used in autono- 
mous mode, for example to read information such as the 
contents of an electronic purse contained in a memory of the 
card 31. 

To carry out secure transactions the terminal module 1 can 
be used on-line to a server Sap or off-line, the application 
FAp then running locally, for example on the PC: this is the 
case when, for example, a user must sign an electronic mail 
message or transactions that will be sent to an addressee. An 
operation of this kind does not imply connection to an 
application server at the time when the card 31 is used. 

In on-line mode, as represented in FIG. 3 in the case of a 
dedicated terminal module 1, the latter can be connected to 
the server Sap on which the application FAp is installed via 
the PC and a network R such as the Internet or through the 
intermediary of the telephone network R via a modem MO 
or a DTMF link with a telephone handset CT Some 
transactions, such as reloading an electronic purse in the 
card 31, can necessitate bidirectional exchange of data with 
the server Sap and are therefore more ergonomic in on-line 
mode. 

Carrying out a transaction secured with a terminal module 
1 and a card 31 implies that high-level software requests (for 
example: requests for signature, authentication, etc which 
must be processed so as to meet the required security 
objectives of the application program) will be sent from the 
application program installed on the server Sap for example 
(on-line mode) or in the PC or NC available to the user 
(off-line mode, for example signing of electronic mail) to the 
filter F controlling the security means. The filter F processes 
these requests by means of translation software to assure- 
that the application or virus type software cannot have direct 
access to the cryptographic functions of the integrated 
circuit card 31. The processing of the high-level requests 
includes translation of these requests into one or more 
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elementary commands which are executed by the personal 
security device. The high-level requests are formulated 
independently of the software and/or hardware design of the 
personal security device, i.e. they are not formulated as a 
5 direct function of the personal security device. The high 
level requests contain information specifically related to the 
process that will be executed by the filter F. In a simple 
example, a high level request can contain a single elemen- 
tary command to be transferred to the personal security 
10 device, for example, an APDU (Application Protocol Data 
Unit) in the case of a smart card, attached to a Message 
Authentication Code that will enable the filter F to check the 
origin and integrity of this request before sending the 
elementary command to the personal security device.* In a 
is more complex example such as a request to sign a document, 
the high level request will be transformed by the filter F into 
a sequence of elementary commands sent to the personal 
security device and eventually to the user interface. Thus, 
according to this definition and due to the fact that it contains 
20 specific information to be decoded by the filter F indepen- 
dently of the personal security device, the high-level 
requests will be said to be independent of the personal 
security device. 

The filter F meets the security objectives required in that 
25 the translation software that it includes verifies the identity 
of the application issuing the service requests (or the source 
of requests directly) and is installed in a manner that 
guarantees the integrity and. the confidentiality of the opera- 
tions and data used to respond to service requests. 
30 Translation software is configured for one type of micro - 
circuit card and translates a high-level request received from 
application software into one sequence or a plurality of 
sequences of elementary commands that can be executed by 
the microcircuit cards and/or a sequence of exchanges of 
35 data with the user. 

The high-level requests are a list of commands used by the 
application programs to invoke the security services needed 
to identify and authenticate the person performing the trans- 
action and to guarantee the source, the integrity and where 
40 applicable non-repudiation of the transaction. A high-level 
request from an application (on a server or on the PC or NC) 
can be characterised by one or more of the following points: 
it is independent of the basic means (cryptographic 
45 means, for example) used to respond to its request and 
contains specific information to be processed by the 
filter F. Reciprocally, a plurality of applications can use 
the same security service provider, employing the same 
logic interface F-API defining these requests. 
50 the processing of the request links the transaction in a 
certain manner to the user performing the transaction 
by means of at least one fixed or variable secret 
parameter stored in the integrated circuit card of the 
user. 

55 it can include information enabling the filter software F to 
verify its source and its integrity. Authentication can 
use a Message Authentication Code (MAC) or a code 
of the electronic signature type associated with the 
request. 

60 if the transaction is not entered by the user on the terminal 
module itself, the request can contain the information 
needed for the user to verify the essential data of the 
transaction, if required and if the terminal module 
supports this option. 
65 The logic interface F-API for exchanging high-level secu- 
rity requests between the application and the translation 
software of the filter F can be standardised so that it is 
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common to different application programs. Accordingly, the 
signature type request can be used by an electronic mail 
application and by purchasing software. It is therefore 
possible to change the application whilst retaining the secu- 
rity service provider or vice versa to replace the security 
service provider without changing the application. 

To guarantee the integrity of the chain of confidence 
between the application and the card, the translation filter 
software F identifies and even authenticates the source and 
the integrity of requests that it receives. Various methods are 
feasible for identifying the application issuing the requests: 
an identification code can be integrated into the request 
itself and then verified by the filter software using 
information that it contains or that can be stored on the 
integrated circuit card; 
the same objective can be achieved by comparing the 
result of a hashing operation executed by the filter 
software on the application software issuing the request 
with a result previously stored on the card, for example. 
This solution is particularly suitable for the situation in 
which the application is installed on the user's PC; 
authentication can equally be performed by associating 
with the request a MAC calculated from the content of 
the request and a secret key shared between the appli- 
cation and the filter software. An equivalent principle 
can be used with a signature on the request calculated 
with the same information and a private key known to 
the application, the signature being verified with the 
corresponding public key known to the filter software. 
FIG. 2 A explains a first embodiment in which the terminal 
module 1 is a PC 102, the connection to the integrated circuit 
card 31 employing a reader 6 connected to or integrated into 
the PC 102. The PC 102 includes input/output interfaces 
102a to the reader 6 and the server Sap. Depending on the 
nature of the reader connected to the PC, the user interface 
components can be the keyboard and the screen of the PC 
itself or a keyboard and/or an LCD display on the reader, for 
example. In this embodiment the filter F is installed and 
executes on the PC 102. The filter F, and therefore the 
translation software that it contains, can be stored on the 
hard disk (HD) 102b of the personal computer 102. To 
execute on the central processor unit or microprocessor 102c 
of the PC, the filter software is loaded into the random access 
memory (RAM) 102d of the personal computer 102. 

Because the hard disk of a PC is difficult to protect, the 
filter software F or at least the sensitive part of this software 
can be encrypted. For this purpose it can be divided into at 
least two modules: a loading/decrypting module Fed and a 
second module corresponding to the encrypted filter soft- 
ware itself. The first module enables the second module to 
be loaded into RAM, decrypted and then executed. Refer- 
ring to FIG. 2A, the software module when decrypted and 
loaded into RAM is denoted Fdec. 

Programming languages like Java, with security mecha- 
nisms intrinsic to the language itself, strengthen the protec- 
tion of the software. 

Another method of verifying the integrity of the filter 
software is to have the second module signed by an authority 
guaranteeing the content of the filter software by means of 
a private key that is kept secret by the authority. The first 
loading module then, at the same time as performing the 
decrypting operation, performs a hashing operation on the 
second module and verifies the signature of this module 
using the public key associated with the private key of the 
authority. 

The operations described above imply the use of keys on 
which the security of the application relies. These keys can 
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be concealed in the loading module, stored in the reader 6, 
or stored on the integrated circuit card 31 itself. Another 
possibility is to install the decryption and integrity verifica- 
tion module in the reader 6. 

The object of the invention is to prevent a pirate from 
using the integrated circuit card of a user without their 
knowledge, for example by modifying the filter software 
controlling the card or the application software, or by 
loading a virus to bypass the application or the filter soft- 
ware. The embodiment described previously and its variants 
address these risks, by enabling verification of: 
the integrity of the filter software, and 
the source and the integrity of commands sent to the card 
via the reader 6, by authenticating them using a MAC, 
for example. The MAC can be verified by the reader 6 
or the card 31. Equivalent protection could be obtained 
by encrypting the dialogue between the filter software 
and the reader 6. A virus attempting to bypass the filter 
software would then send unauthenticated or incor- 
rectly encrypted commands to the reader 6 or to the 
card 31; these commands would therefore be rejected 
by the reader or the card, preventing the virus from 
achieving its aims. To prevent a hacker from determin- 
ing the keys used by a terminal by analysing the 
operation of another terminal, the keys used by various 
terminals must be diversified. 
The encryption and signature mechanisms that can be 
considered to address the need to protect the filter software 
are well known to the skilled person and are based on 
existing cryptographic techniques as described, for example, 
in "Applied Cryptography, Protocols, Algorithms, and 
Source Code in C" by Bruce Schneier, John Wiley and Sons, 
Inc., 1994 (the entirety of which is incorporated by reference 
herein) and for this reason will not be described in detail 
here. 

Installing the filter software on a PC cannot guarantee the 
same level of security as installing it in a dedicated terminal 
that can offer additional hardware security mechanisms as 
used in the other embodiments described later, these mecha- 
nisms offering physical protection of the filter software and 
the secrets that it contains. 

FIG. 2B shows one variant of the FIG. 2A embodiment. 
This variant exploits the flexibility and the ease of connec- 
tion of a personal computer to a network. This enables part 
of the filter software, and in particular the secrets, to be held 
by a secure server Ssec. 

In FIG. 2B the filter software is divided into two software 
modules, a module F-PC installed on the PC 102 and a 
module F-SE installed on a security server Ssec. The pro- 
grammable memory previously referred to and storing the 
filter software is therefore in the secure sever Ssec in this 
variant, i.e. out of reach of unauthorised users. Likewise, the 
filter software or at least the sensitive part of the filter 
software F-SE requiring protection executes on the secure 
server Ssec. 

The software module F-PC installed on the PC 102 is 
connected by a secure channel CS to the security server 
Ssec. The secure channel is an encrypted communication 
channel for exchanging protected data between the two filter 
software modules F-PC and F-SE and possibly reciprocal 
authentication of the two modules F-PC and F-SE. The 
secure channel can use well-known communication proto- 
cols such as SSL, for example. 

Setting up this secure channel CS therefore enables the 
first filter software module F-PC to send to the second filter 
software module F-SE requests received from the applica- 
tion FAp via the logic interface F-API together with infor- 
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mation concerning identification of the application issuing 
these requests. After verifying the information relating to the 
application, and depending on the application and possibly 
on rights of the user, the second software module F-SE then 
translates these requests into a series of commands to the 
microchip card 31 and for controlling exchanges of data 
with the user. The commands generated by the module F-SE 
arc then sent to the first module F-PC which routes them to 
the element concerned: the PC itself in the case of the 
commands controlling exchanges with the user or the inte- 
grated circuit card. For the commands controlling exchanges 
with the user to execute on the PC, the latter must include 
an interpreter software module 1. The interpreter software 
enables display of messages on the screen 4 and input of 
information by the user via the keyboard 5. The interpreter 
software module is described in more detail in connection 
with FIGS. 4B and 4C. 

This second mode of execution is based on the mecha- 
nisms described a propos the first mode of execution (FIG. 
2 A) insofar as the identification of the application (bashing 
or signature, for example) and protection of commands sent 
to the card (addition of a MAC, for example) are concerned. 
On the other hand, it offers an enhanced degree of security 
insofar as the filter software module F-SE translating high- 
level requests received from the application FAp executes in 
a secure environment. In the context of the invention the 
server Ssec is deemed to be secure if it is not accessible 
physically or logically (i.e, via a network connection) to 
unauthorised persons. 

The second mode of execution shown in FIG. 2B is 
suitable for applications employed in a closed or private 
environment controlled by a central authority, as it neces- 
sitates a protected server administered centrally. This second 
mode of execution also offers the facility to define a cen- 
tralised policy of access to cryptographic services offered by 
the integrated circuit card. This access policy can be based 
on applications requiring the services of the card and on the 
users themselves. In the case of a business issuing its 
employees or customers integrated circuit cards enabling 
them to sign electronic mail and banking transactions, it can 
assure that only authorised users can sign: this mechanism 
can be implemented using the secure channel CS. For each 
signature request issued by one of the applications deemed 
to be valid by the business (the electronic mail program and 
the bank transaction software), the software module F-SE 
will execute a request for authentication of the user. This 
request can be executed, for example, by sending a random 
number (challenge) to the card 31 via the secure channel CS. 
After the user enters their confidential code, the integrated 
circuit card calculates a dynamic password by encrypting the 
challenge using a secret key that it holds. The password is 
then sent via the secure channel CS to the software module 
FSE. Knowing the user and therefore the secret key held on 
their card, the software module F-SE compares the password 
received with the password expected. This mechanism, 
known as challenge-response mode authentication, enables 
the software module F-SE to validate the user's identity. 
Thus the business that has issued the integrated circuit cards 
to the users can assure that only users who are still autho- 
rised can sign bank transactions, for example. 

By virtue of the secure and centralised means that it 
represents, the server Ssec enables not only secure installa- 
tion of the filter software F-SE but also the facility of 
instituting a centralised policy for controlling use of security 
services offered by the integrated circuit card. The server 
Ssec enables a centralised policy to be instituted by virtue of 
the fact that the same server can be connected to a plurality 
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of software modules F-PC installed on the personal com- 
puters of a plurality of users. Thus the server Ssec enables 
centralised definition and control of the conditions of use of 
security services offered by the cards issued to the various 
5 users in accordance with the profile of the application 
requesting the services and the rights of said users. Institut- 
ing this centralised policy implies the server holding the 
necessary information, i.e. the rights of users to use a 
particular security service in connection with a particular 
application. 

This second mode of execution (FIG. 2B), well suited to 
private environments, is difficult to apply to open applica- 
tions where a secure central server Ssec is not feasible. 

FIG. 3 shows a terminal module embodying functional 
architecture principles similar to those of FIG. 2B in a 

15 different embodiment requiring no centralised server. The 
terminal module in the second embodiment of FIG. 3 has a 
very high level of security, enabling it to assure local 
protection of the filter software F directly. 

In FIG. 3 one face of the terminal module 1 which can be 

20 a portable unit, carries the display screen 4 and the keyboard 
5 and the unit contains the electronic circuits, which are 
preferably not accessible from the outside. The module 1 
contains the reader 6 and has an opening for inserting the 
microcircuit card 31 into the reader 6. The mode of execu- 

25 tion described with reference to FIGS. 3, 4A, 4B and 4C 
must not be considered as limited to a dedicated terminal. 
The following description applies to a PC-based or 
NC-based terminal. 

In a first mode of execution, shown in FIG. 4A, of this 

30 second embodiment of the terminal module of FIG. 3, the 
electronic circuits of the terminal module 1 are based on a 
standard micro controller 2 and a secure microprocessor 3 
which are interconnected and permanently installed in the 
module 1. As an alternative to this, the microprocessor 3 can 

35 plug into the module 1 by means of a connector 41 shown 
in dashed fine in FIG. 4A. This description covers a generic 
mode of execution based on a standard micro controller. In 
a particular mode of execution that will be described later, 
the micro controller 2 can be a PC 102 of the type shown in 

40 FIG. 2B. 

The standard micro controller 2 comprises a processor 
unit 2a } temporary memory (RAM) 2b and permanent 
memory (ROM) 2c. It is preferably a "monochip" micro- 
processor the software of which is mask-programmed in the 

45 permanent memory 2c and which integrates into the same 
integrated circuit standard interface management or control 
means, the processor unit 2a, the temporary memory 2b and 
the permanent memory 2c. 
The interfaces or peripheral devices managed by the 

so micro controller 2 include the data display screen 4, for 
example a liquid crystal display, the keyboard 5 for entry of 
data by a user, the microcircuit card reader 6, an external 
connection interface 7, for example of the RS 232 or 
PCM-CIA type, an infrared link interface 8 and a DTMF 

55 device 9 for sending data over a telephone line. 

The components of the module 1 also include a clock 10 
and an electrical power supply 11 for the various circuits and 
components of the module 1. The electrical power supply 11 
can be a battery power supply if the module 1 is portable and 

60 autonomous. 

The task of the standard micro controller 2 is to manage 
the environment, i.e. to control the interfaces 4-9 and the 
clock 10 together with the power supply 11 for selectively 
energising the secure microprocessor 3 in the case of an 

65 autonomous module 1. 

The standard micro controller 2 therefore requires little 
computing power, little temporary memory (RAM) and no 
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semi-permanent memory (EPROM OR EEPROM). The 
micro controller 2 is write protected by virtue of the fact that 
programs (interface control and, as described below, 
interpretation, management of clocks and electrical power 
supply, etc) are mask-programmed in the permanent 
memory 2c. As will become apparent hereinafter, the stan- 
dard micro controller 2 can also contain one or more secret 
parameters on the basis of which it can be authenticated by 
the secure microprocessor of the terminal module and/or of 
an integrated circuit card. The secrets must therefore be 
protected against reading and writing. They are preferably 
stored in the temporary memory (RAM) of a "monochip" 
microprocessor which cannot be written or read from the 
outside. The standard micro controller 2 can also have 
additional security functions, for example to prevent fraud 
such as display of data different to that coming from the 
microprocessor 3. 

It is therefore of low cost and consumes little electrical 
power, which is particularly suitable for a portable product. 
The micro controller can be an OKI MSM 63180, for 
example. 

There are preferably two clocks 10: a low-frequency 
clock 10a, for example a 32.368 kHz clock, and a high- 
frequency clock 106, for example a clock at 1 MHz to 12 
MHz. The micro controller 2 commands the connection of 
its system clock to one or other of these two clocks. 

The slow clock 10a times a timer 2d of the micro 
controller 2 with a period of 0.5 s to provide a real time clock 
in the module 1. The processor unit 2a can also use the slow 
clock 10a for functions that do not require high calculation 
speed: in this case the system clock of the micro controller 
2 is connected to the slow clock 10a and the fast clock 10b 
is stopped. This mode of operation reduces the electrical 
power consumption of the module 1 which is advantageous 
if it is portable and battery powered. 

The microprocessor 3 which is read and write protected 
includes a central processor unit 3a, a temporary memory 
(RAM) 36 and a permanent memory (ROM) 3c, together, 
with electrically reprogrammable semi-permanent memory 
(EEPROM or Flash RAM, for example) 3d for storing the 
application programs of the module 1. 

The secure microprocessor 3 is of the type used in 
microcircuit cards and has a limited number of inputs and 
outputs, its internal buses being inaccessible from the out- 
side. It is manufactured with other security mechanisms 
specific to this type of microprocessor and well known to the 
skilled person, such as security matrix, memory scrambling, 
clock frequency control, reset control, etc mechanisms. 

Because the microprocessor 3 has a semi-permanent 
memory 3d it is possible to load one or more application 
programs into it from the outside, for example from a server 
or from a microcircuit card. It is therefore possible to modify 
the application(s) in accordance with requirements (access 
control, financial and/or commercial transactions, electronic 
purse, etc) for which the module 1 is intended. If the size of 
the semi-permanent memory 3d allows it, it is also possible 
to install new applications during its use. 

Depending on the version chosen, the secure micropro- 
cessor 3 can compute cryptographic functions requiring 
large-scale computations embodied in RSA or DSA type 
asymmetric algorithms or use simpler algorithms, for 
example DES type algorithms. 

The secure microprocessor 3 can be, for example: 

a SIEMENS SLE44C160S non-cryptographic micro- 
processor, with 14 kbytes of ROM and 16 kbytes of 
EEPROM; 

an SGS THOMSON ST16CF54A cryptographic micro- 
processor, with 16 kbytes of ROM, 4 kbytes of 
EEPROM and 480 bytes of RAM; 
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a PHILIPS 1*830858 cryptographic microprocessor with 

20 kbytes of ROM and 8 kbytes of EEPROM. 
The secure microprocessor 3 is connected by the link 12 
to the standard micro controller 2 and by links 13 and 14 to 

s the external interface 7 and to the microcircuit card reader 6 
via respective switches- interface adapters 15 and 16. The 
switchesinterface adapters 15 and 16 are controlled by the 
standard micro controller 2 via respective links 17 and 18. 
The standard micro controller 2 comprises an interpreter 

10 program 20 (FIGS. 4B and 4C) stored in the ROM 2c and 
enabling it to execute commands generated by the software 
for translating high-level requests forming part of the appli- 
cation or program(s), as described hereinafter. The inter- 
preter 20 enables application programs stored in the secure 

is microprocessor 3 to control the interfaces 4-9 via the link 
12. The application programs can nevertheless be located 
and executed elsewhere than in the secure microprocessor 3, 
for example on a microcircuit card 31 inserted into the 
interface 6, for example a card supporting mechanisms for 

20 downloading and executing applications as described in 
French Standard NF EN 726-3, the title of which translates 
as "Integrated circuit cards and terminals for telecommuni- 
cations. Part 3: Specifications of the card independent of the 
applications". 

25 Depending on the security rules to which they are subject, 
the application programs can also be divided between these 
various locations. 

FIG. 4B is a functional diagram showing a first software 
architecture configuration of the module 1 from FIG. 4A in 
30 which all application programs Al, A2, . . . , An and security 
functions (condensate computations, symmetrical crypto- 
graphic algorithms such as DES or triple DES, asymmetric 
cryptographic algorithms as proposed by RSA) are imple- 
mented in the secure microprocessor 3. 
35 The applications denoted Al, A2, . . . , An hereinabove 
and in the remainder of the description comprise at least the 
filters Fl, F2, . . . , Fn and thus in particular the software for 
translating requests from the application service providers) 
FAp forming part of the main application 54 (FIG. 8A). 
40 The standard micro controller 2 manages the environment 
using various interface drivers: 

a driver 21 for the microcircuit card reader or interface 6; 

a driver 22 for the serial link interface 7; 

a driver 23 for the keyboard 5; 

a driver 24 for the infrared link interface 8; 

a driver 25 for the display 4; 

a driver 26 for the clock 10 and the power supply 11; 
a driver 27 for the DTMF interface 9; and 
50 a driver 28 for other interfaces, assuming that the module 
1 includes one or more interfaces other than those 
represented in FIG. 2. 
The secure microprocessor 3 can therefore control the 
interfaces by means of commands which are interpreted by 
55 the interpreter 20 and executed by the standard micro 
controller 2 using the drivers 21-28. 

FIG. 4C shows a second software configuration of the 
module 1 from FIG. 4A in which one:or more applications 
Ax and one or more cryptographic functions Sx are stored in 
60 a reprogrammable memory 30a of a secure microprocessor 
30 of a microprocessor card 31. When the card 31 is inserted 
into the reader 6, the microprocessor 30 executes the appli- 
cations Ax and the cryptographic functions Sx. Other appli- 
cations and security functions can be resident in and 
65 executed by the secure microprocessor 3 of the module 1 For 
example, the microprocessor 30 of the card 31 can assure an 
electronic signature function assuming that the secure 
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microprocessor 3 does not include a dedicated computation to the interna] bus of which is connected a secure micro 
processor (cryptoprocessor). Reciprocally, if the secure controller 29 controlling the display screen 4 and the key- 
microprocessor 3 includes a cryptoprocessor, it is possible board 5 of the PC directly. 

for an application on the microcircuit card 31 to invoke [ Q 0 ne variant the memory in which the software for 

cryptographic commands of the module 1 that will be 5 translating high-level requests is stored, volatile RAM with 

executed by the secure microprocessor 3. backup power supply or semi-permanent memory 

In this second configuration, which otherwise is identical (EEPROM or Flash RAM), can be external to the micro 

to that of FIG. 4B, the interpreter 20 has the same role controUcr 29 . In this case the translation software can be 

relative to the microprocessor 30 as it has relative to the encrypted ^ signed or prot ected by a message authenti- 

secure microprocessor 3. Thus the module 1 can execute w cation rodc to assufC ib ^ h ^ [i& 

different applications according to the type of microcircuit M{ ^ ^ ^ b me micf0 29 

card 31 inserted into the reader 6, for example: decrypted and then executed. 

authentication of the user in the context of a banking In a third mode 0 f execution represented in FIG. 6 of the 

transaction (balance enquiry, transfer of funds, etc) second embodiment of the invention the terminal module 

effected via a telephone line by means of the DTMF 15 101 has no xaut microprocessor 3. In FIG. 6 the same 

interface 9; reference numbers as in FIG. 4A denote the same elements. 

electronic purse balance enquiry or reloading from the fhe micro controller 2 controls the interface 6 and the 
module 1 when a microcircuit card 31 used as a purse switch-adapter 15 for connecting the secure microprocessor 
is inserted into the reader 6. The module 1 offers the 130 0 f a programmable microcircuit card 131 in the inter- 
facility to manage several different purses: bank purse, 20 f ace g w i tn the external link interface 7. In this case all of 
purse specific to an institution, for example; the applications A and the cryptographic functions C are 

reading a medical dossier on a medical card; stored in a semi-permanent memory (EEPROM or Flash 

reading loyalty points on a card on which loyalty points RAM) 130a of the secure microprocessor 130 of the pro- 

are awarded to a consumer according to purchases grammable microcircuit card 131 and implemented by the 

made, participation in customer loyalty operation, etc. is latter as described with reference to FIG. 4C in respect of the 

The mode of execution described hereinabove with ref- applications Ax and the cryptographic functions Cx. 
erence to FIG. 4Aand the software configurations shown in In the examples described previously, for simplicity, the 
FIGS. 4B and 4C likewise apply to a terminal based on a microprocessor 30, 130 of the integrated circuit card and the 
conventional PC additionally equipped with a secure micro- secure microprocessor 3 possibly incorporated in the termi- 
processor 3. In this mode of execution the micro controller 30 nal module have a single communication port. This implies 
2 corresponds to the PC 102 as shown in FIG. 2 A, the that in these examples exchanges between the various 
processor unit 2a corresponds to the microprocessor 102c of entities, i.e. the electronic unit 154 (FIG. 8) containing the 
the PC and the RAM 2b and the permanent memory 2c main application, the secure microprocessor 3 and the 
respectively correspond to the RAM VSfld and the hard disk microprocessor 30, 130 of the integrated circuit card, are 
102£>. Likewise the inputs/outputs 102a of the PC corre- 35 effected via the micro controller 2 or 29 of the terminal 
spond to the interface modules 7, 8 and 12 of FIG. 4A. The module. The above descriptions must not be considered as 
connection between the secure microprocessor 3 and the PC limiting on the invention: other implementations are feasible 
102 can be a serial or parallel link or a connection to the within the scope of the present invention. The secure micro- 
PCMCIA type internal bus of the PC, or a direct connection processors for integrated circuit cards currently available 
to the PC motherboard. As an alternative to this, the secure 40 which can be used for the card itself (microprocessor 30, 
microprocessor 3 can be fixedly or removably (via the 130) or in the terminal module (microprocessor 3) can have 
connector 41) integrated with the PC keyboard. two communication ports. Various embodiments optimising 

In this case the interpreter software module 20 and the communication are therefore easy to envisage with this type 
peripheral driver software modules 21 through 28 are of microprocessor. In FIG. 4C, for example, one port of the 
installed on and executed on the PC. The functional archi- 45 integrated circuit card 31 can be dedicated to controlling the 
tecture of this mode of execution is equivalent to that shown user interface and therefore connected to the micro control- 
in FIG. 2B, the interpreter module 20 installed on the PC ler 2, the other port being connected to the electronic unit 
assuring the same role as the interpreter module 1 from FIG. including the main application, subject to appropriate inter- 
2B: it executes commands for controlling exchanges with face adaptation. 

the user received from the filter software F which is installed 50 According to one important feature of the invention, filter 
in a secure manner in the microprocessor 3 (FIG. 4B) or the software is stored in the reprogrammable memory EEPROM 
integrated circuit card 30 (FIG. 4C). associated with the secure microprocessor 3 or 29 of the 
The FIG. 5 diagram illustrates a second mode of execu- terminal module 1 and/or the secure microprocessor 30, 130 
tion of a second embodiment of the invention in which the of the card 31, 131. This filter software translates in a 
electronic circuits of the terminal module 1 are based on 55 manner known in itself high-level requests from the server 
a, single micro controller 29 replacing the micro controller 2 Sap or from the PC into sequences of elementary commands 
and the microprocessor 3 and offering the same type of that can be executed by these microprocessors (these corn- 
physical and logical protection as the microprocessors mands are defined in part 4 of ISO standard 7816-4). In 
designed for integrated circuit cards. This micro controller accordance with the invention, this filter software translates 
drives all the interface means 4-9 of the terminal module. It 60 these high-level requests into sequences of exchanges of 
includes a processor unit 29a, a temporary memory (RAM) data between the terminal module 1, 101 and the user via the 
29b, a permanent memory (ROM) 29c and a semi- interface means such as the display 4 and the keyboard 5. 
permanent memory (EEPROM) 29a* for storing the transla- This solution has the advantage of considerably reducing 
tion software. The processor unit 29a corresponds to both the flow of data exchanged between the terminal module 1, 
the data processing unit 2a controlling the interfaces and the 65 101 and the server Sap or the PC, but requires secure 
processor unit 3a for executing the translation software. As installation of the translation software to prevent instructions 
previously, the terminal module 1 can be based on a PC 102 sent to the microcircuit card from being modified. 
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This filter software is an integral part of the portion of the communication protocol software 80; 

application software installed in the terminal module 1 APDU command interpretation software 81; 

and/or the card 31, 131 and can therefore be downloaded. secure file management services (for example PIN 

FIG. 7 illustrates the conventional software architecture checking) software 82; 

of a microcircuit card (smart card). 5 cryptographic services software 83 (symmetrical crypto- 

Thc various software layers are represented by a block 43 graphic computations using secret keys or asymmetric 

which comprises a "communication protocol" software cryptographic computations using public and private 

layer 44 enabling commands to be received. These com- keys, etc) for authentication of the secure microproces- 

mands are decoded by an "APDU command interpreter'* sor 3 of the terminal 1 (by the microprocessor 30 of the 

software layer 45 (APDU: Application Protocol Data Unit) 10 card 31) in conjunction with the software 63, among 

the role of which is to route the commands to the processing otner functions; 

modules, which can be: tne operating system 84 of the microprocessor 30 on the 

secure file management services software 46; The^mLnicaUon protocol 60, 70, 80 controls exchange 

cryptographic services software 47; 0 f dala between: 

application software 48. the microprocessor 30 of the card 31 and the standard 

The processing modules 46, 47, 48 rely on basic services m i cro controller 2 of the PC 102 of the terminal module 

offered by the operating system 49 of the microcircuit card. 

FIG. 8A illustrates the software architecture of a system tne microprocessor 3 and the micro controller 2 of 

for carrying out secure transactions using terminal modules me terminal module 1; 

1 provided with a secure microprocessor 3 in accordance thc sccure microproccssor 3 of the terminal module 1 and 

with the mode of execution of the invention shown in FIG. the microprocessor 30 of the card 31. 

4A - FIG. 8B is a view similar to FIG. 8A illustrating the 

Block 51 represents the software executed by the secure software architecture of the system in the situation where the 

microprocessor 3 of the terminal module 1, block 52 the 25 terminal module 101 does not inchide ihc secure rrhcropro- 

software executed by the micro controller 2 or the PC 102 cessof 3? in accordance ^th the third mode of execution of 

of the terminal module 1, block 53 the software executed by me embodimeDt of me invention (FIG. 6). 

the microprocessor 30 of a microcircuit card 31 and block 54 [n FIG gB block 152 represents the software executed by 

the main application software (application service provider) the micrQ ccmtroller 2 0 f the terminal module 101, block 153 

installed on the server Sap or on a PC. 30 the software executed by the microprocessor 130 of a 

Block 51 is similar to block 43 of FIG. 7, i.e. the secure programmab le microcircuit card 131, and block 154 the 

microprocessor 3 has an architecture similar to that of an main applicatioD software installed on the server Sap or on 

integrated circuit card. Block 51 comprises: a pc 

communication protocol software 60; bIq^ 152 comprises the same software 70, 71 and 73 

operating system 61; 35 through 75 as block 52 from FIG. 8A and a block 76 which 

a block 62 representing the portion of the application comprises software for authentication of the standard micro 

software installed in the terminal module 1, this portion controller 2 of the terminal module 101 (by the micropro- 

of the application software essentially comprising the cessor 130 on the card 131). 

filter software previously mentioned. Various software Block 153 relating to the microprocessor 130 of the card 

modules of this type corresponding to various applica- 4 ° 131 comprises software 62 and 80 through 84 of blocks 51 

tions can co-exist in the secure microprocessor 3; and 53 from FIG. 8A together with software 77 for authen- 

„ Ci ,~ c , f , , , tication of the standard micro controller 2 of the terminal 

optionally, software 63 for authentication of the standard . -iia r*u ^ ni \ 

micro controller 2 (by thc sccure microproccssor 3) and module 101 *f ^processor of the card 131) in 

authentication of the secure microprocessor 3 of the conjunction wtth the software 76. 

. , j i 1 /l *u * ia f *u 45 Unlike a conventional system, in a secured transaction 

terminal module 1 (by the microprocessor 30 01 the „ . . . . - , . 

card 31V system of the invention the filter software 62 which trans- 

lates high-level requests from the application into elemen- 

secure file management software 64; tafy commands mal can be executed by a microcircuit card 

cryptographic services software 65. installed in the secure user environment, i.e. either in the 

Block 52 comprises: 50 terminal module 1 (for the applications Al, A2, . . . , An of 

communication protocol software 70; the modes of execution from FIGS. 4A4C and 5) or on a 

a command interpreter 71 corresponding to the software semi-permanent memory card 31, 131 which can be used 

20 from FIGS. 4B and 4C* w * tn tne terminal module 1, 101 (for the applications Ax of 

A e ' iU ** *• f o*o„ the FIG. 4C embodiment and for all the applications of the 

authentication software 72 for authentication of the stan- . vv 

dard micro controller 2 (by the secure microprocessor 55 YXKj ' » emboaiment;. • 

- c .. . . , j i i\ • rt • „,;,u t u a Apart from its microcircuit card management function, 

3 of the terminal module 1) in conjunction with the ..A,. A . , . . ^> . tU #u 

software 63* software 62 controls interaction with the user, i.e. 

' 4 . the sequences of exchanges of data between a user and the 

software 73 for controlling resources internal to the micro l&Tmina} module which are ie( ^ T ^ m the context of an 

controller 2; .60 application and which use the interface means, namely the 

software 74 for controlling interfaces with the user drivers screen 4 and the keyboard 5. Note that the invention is not 

23 and 25 for the screen 4 and the keyboard 5); limited to the use of a screen and a keyboard as interfaces 

software 75 for controlling the communication interfaces with the user and that any other type of interface with the 

7, 8 and 9 (drivers 22, 24, 27). required ergonomic features could be suitable, for example 

Finally, block 53 is similar to block 43 but in the example 65 a voice interface, 

described with reference to FIG. 8 A does not include any Transactions are secure because the filter software 62 is 

application or filter software. It comprises: securely installed in the secure microprocessors or 29 of the 
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terminal module 1 or the microprocessor 30, 130 of tbe i. the terminal module 1 sends a private key read request 

microcircuit card 31, 131. The keys and rules necessary to to the card 31, 

access files on the microcircuit card 31, 131 are contained in j. ail access conditions having been satisfied, the card 31 

the translation software 62 and are therefore inaccessible to accepts the read request and sends the private key, 

third parties. 5 which is encrypted using a secret key Kchif shared by 

The functions of the filter software 62 will be illustrated the card 31 and the terminal module 1, 

hereinafter in the context of an example of an electronic k ^ terminal moduk J d ^ rivate k ^ 

trading application. The application mcludes the following ^ Uuss9Ction by mcans of ^ private kcy> dcstroys thc 

entities. private key, disconnects from the card 31 and sends the 

a purchaser, io signed transaction to the PC which sends it to the server 

a merchant, S. 

a bank- The above example can easily be transposed to an elec- 

The merchant has an electronic trading server Sap (Web tronic transaction performed without any PC, the terminal 

server) accessible via the Internet. The purchaser has: module 1 being connected directly to a server Sap by a 

a PC for accessing the electronic server Sap to consult a 15 modem link (FIG. 3), the purchaser entering the order 

catalogue of products, (product code) on the terminal module 1. 

an integrated circuit card 31 supplied by the bank and the Note mal authentication of the secure microprocessor 3 by 

microprocessor 30 in which contains a private key but lhe card can also be effected bv wav of lhe read P rivate ke ? 

does not have any cryptographic capabilities connected 20 command by associating with it a message authentication 

with a signature, code (^ AC ) calculated ^sng a secret key. 

. . , . ' . . ™^ AA ... . This example shows that the filter software 62 can trans- 

a terminal module 1 as shown in the FIG. 4A embodiment, , 4 , . r t u tr 4 4 . „ . A 

, ,ji . . 11 >» ■ late a high-level request for transaction signature into a 

having a standard micro controller 2, a secure micro- j f . , j . 

- ... . . • . ..... ... multitude of individual requests addressed to the various 

processor 3 with cryptographic capabilities enabling a ■ . c fiL 4 ^^ ■ * * t i • * _c * 

r . . j i o. 5e j-i a mterfaces of the terminal interface 1, namely its interface 6 

message to be signed, a keyboard 5, a dtsplay 4 an 25 ^ ^ . d ^ rf 31 '. ^ ^ 

integrated circuit card interface 6 and a serial interface ... A ? t £ 4 , . , , . 4 . 4 _ 

- - & - t n „ display 4, its interface with the keyboard 5 and its interface 

7forconnecUngit oa PC for connecting it to tbe PC or the server Sap. 

The principle of operation is as follows: the transaction is ™ . .. C4r , 4L . , . , , f 

,[ ( / ( , * • • * i uuu Translation filter software of this kind has a screening 

signed by he terminal module 1 using a private key held by , idj fi , be , ween ft QUtside wor , d . ^ 

the card 31. This pnvate key is protected by a confidential 30 /• j *u • u 1 j • 4 '1 

j /r.Tvr\ c / applications, and the peripheral devices that it controls, 

code (PIN) that the purchaser must enter m a secure ™ se^rfty because: 

environment, i.e. on the termmal 1, and by prior authenti- , . J . „ , . , 

cation of the terminal 1 by the card 31 using a secret key 11 im P° r ses a sequencing of the individual instructions 

Kauth. The private key is also transmitted in an encrypted » nt ; F ° r sample, in the situation illustrated 

manner (by means of a key Kchif) to set-up a secure 35 hereinabove it ^requires the transaction to be confirmed 

communication channel between the microprocessor 30 of b ? the user beforc lt 15 sl S ned * 

the integrated circuit card 31 and the secure microprocessor 2 - It alone has the secret parameters for generating and 

3 of the terminal 1. authenticating these individual instructions. Thus it 

FIG. 9 illustrates the exchanges between the various a l° ne has the authentication and encryption keys for 

entities: 40 reading and decrypting the private key. 

a. the purchaser enters an order on the PC, Whe ? th c e fi lter S0 ^ K ««ates jn the secure micropro- 

, A1 _ n ~ . . , . • j l il cessor 3 of the terminal module 1 these properties enable a 

b. the PC generates the transaction to be signed by the c . j « * u • j u* u • 

, 6 /JtJ ■ \ j ? .u . • policy of access to the card 31 to be imposed which is not 

purchaser (product code, pnee) and requests the termi- t 1 *i • j u *u j , f * u 

r , , , . iL . always completely imposed by th card itself, or the capaci- 

nal module 1 to sign the transaction, % \ , / r , , •> . ^ •* j • . _i 

. f ac ties of a card to be expanded (signature capacity delegated 

c. the terminal module verifies the source of the request to the terminal module> use m a not foreseen when 

for signature and then prompts the user to enter their initially deployed) 

PIN code by displaying a message "enter PIN" on the ^ advantages in terms 0 f security of executing the filter 

display 4, software in the secure microprocessor of the terminal mod- 

d. the purchaser enters the code (PIN) on the keyboard 5 $Q ^le or the integrated circuit card are possible only because 
of the terminal module 1, the software executes in a secure environment, assuring that: 

e. the terminal module 1 sends the PIN to the card 31 for the secrets contained in the filter software are not acces- 
verification; positive verification lifts one of two con- sible because they are stored in the secure micropro- 
ditions of access to reading the private key, cessor 3, 29, 30 or 130, 

f. the terminal module 1 displays the transaction on its ss tne confidentiality and the integrity of the filter software 
display 4, are preserved because the software is stored in the 

g. the purchaser confirms it by pressing a "confirm" key secure microprocessor 3, 29, 30 or 130. 

on the keyboard 5 of the terminal module 1, If the terminal module 1 is a dedicated product having its 

h. the terminal module 1 submits an external authentica- own interfaces (display 4 and keyboard 5) the security 
tion request to the card 31. External authentication 60 objective is achieved because the software controlling 
enables the secure microprocessor 3 of the terminal exchanges of data with the user cannot be modified because 
module 1 to authenticate itself to the microprocessor 30 it is permanently stored in the permanent memory 2c of the 
of the card 31 and thereby lift the second level of micro controller 2 or securely stored in the micro controller 
protection of access to the private key. This authenti- 29. Thus the user can confidently confirm the content of their 
cation is performed in challenge/response mode using 65 transaction by means of the display 4 and the keyboard 5 and 
a secret Kauth shared by the terminal module 1 and the the need to verify the identity of the application or the source 
card 31, and the integrity of requests becomes optional. 
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Other mechanisms can further enhance the level of secu- nism: a condensate of the downloaded software is signed by 

rity of the chain of confidence between the secure micro- the sender using their private key; the secure microprocessor 

processor of the integrated circuit card, the secure micro- 3 then verifies the signature using the sender's public key. 

processor of the terminal module, when present, the standard Note that in this last example the public key in theory does 

micro controller or the PC of the terminal module and the 5 n° l need to remain confidential. The security features of the 

user. These mechanisms are: microprocessor nevertheless assure the integrity of the 

A) secure downloading of the filter software; softwarc ' P^enting a hacker from modifying the software 
„ x A . . . r . , . . „ , to eliminate the signature verification or simply to substitute 

B) authentication of the standard micro controller by the for ^ bljc ^ ided a ^ fa fof ^ 

secure microprocessor or (which amounts to the same ^ ^ , he rivate k 

thing but is more suitable in the case of a mode of , f , h6 tcst 3 , Scales ^ the diU rcceivcd js c a 

execution of the terminal based on a PQ i aufoenucation fl ^ ^ licatjon received ^ valid 

of the mterpreter software module I (20) by the filter ^ (ed ^ ^ ^ herwise me t ownloading program 

software F (62) and/or setting up of a secure commu- returQS tQ ^ ^ n 

nication channel between these two microprocessors or ^ ^ pm(xss ofl?ading me application software> ^ , nus 

e programs an , ^ gj ter ^f^g,^ j n ^ 0 me secure reprogrammable memory 

Q protection of a secret by the standard micro controller; (34 30 ^ 130a depending on the embodiment concerned) 

D) mutual authentication and setting up of a secure includes mechanisms for confirming the source and the 
communication channel between the secure micropro- integrity of the data received from the sender of the soft- 
cessor of the integrated circuit card and the secure 20 ware. This prevents downloading by a hacker of filter 
microprocessor of the terminal module; software that could carry out transactions in the terminal 

E) authentication of the terminal module and where module 1, 101 unknown to the user. 

applicable of the terminal module/card combination; B) Authentication of the interpreter software module 1,20, 

and 71 by the filter software F, 62 or, which amounts to the same 

F) authentication of the microcircuit card by the terminal 25 tnin S in tne corresponding mode of execution, authentica- 
module. tion of the standard micro controller 2 by the secure micro- 

A) Secure downloading of the filter software processor and/or setting up of a secure communication 

The FIG. 10 flowchart illustrates the process of down- channel between the programs or between the microproces- 

loading an application program (filter software) into the sors 

secure microprocessor 3 or 29 of the module 1 or the secure 30 For a user t0 De totally confident in the terminal module 
microprocessor 30, 130 of a card 31, 131 in the reader 6. they are using to carry out transactions it is necessary: 
This downloading can be effected from a server Sap via the to authenticate the data sent from the interpreter software 
PC and the external connection interface 7 or the infrared 20, 71 to the secure microprocessor 3, 30 or 130 
link interface 8, for example, or directly by means of a executing the filter software; and 
telephone connection via the DTMF interface 9. The down- 35 to assure that the data sent by the filter software to be 
loading can equally be effected into the secure micropro- displayed through the intermediary of the user's inter- 
cessor 3 or 29 (if the terminal module has one) from a preter software of the terminal module 1, 101 can only 
microcircuit card inserted into the reader 6. be displayed by the latter. 

In step 32 the area of the memory 3d allocated to the When the means of controlling exchange of data with the 

application program to be received is empty and the micro- 40 user, i.e. the interpreter software 20, 71, is installed in the 

processor 3 is waiting to load the application program terminal module 1, 101 in a fixed manner and cannot be 

following a loading request. modified, for example in the ROM 2c of the standard micro 

The next step 33 corresponds to a procedure for authen- controller 2, authenticating the software module is equiva- 

tication by the microprocessor 3 of the entity that will lent to authenticating the micro controller, 

download the application program (sender). This authenti- 45 Likewise, when the filter software is installed in secure 

cation procedure can use encryption mechanisms well processing means such as the secure microprocessor 3, the 

known to the skilled person, for example, such as symmetri- integrated circuit card or the secure server Ssec, in a manner 

cal mechanisms using shared secret keys or asymmetrical such that it cannot be modified by an unauthorised person, 

mechanisms using private and public keys. authentication by these secure means is equivalent to 

Step 34 is a test to determine if the authentication proce- 50 authentication by the filter software itself, 

dure has succeeded. If it has not, the message "access In the following description the mechanisms for authen- 

refused" is displayed on the screen 4 (step 42) and the tication of the software means controlling the interfaces or 

program returns to step 32; if authentication has succeeded, the interpreter software 20, 71 by the filter software will be 

the process for loading the application program begins in described. 

step 35. 55 Various solutions verify these conditions. 

Step 36 corresponds to storage in the EEPROM 3d of the A first solution consists in encrypting all the data 

data frames sent by the entity responsible for downloading. exchanged between the interpreter software 20, 71 and the 

Step 37 is a test to determine if downloading has finished: filter software, 

if not, the downloading program returns to step 36 and A second solution is to have the interpreter software 20, 

downloading continues; if it has finished, the microproces- 60 71 authenticated by the filter software and/or to set-up a 

sor 3 verifies the integrity of the received data in step 38. To secure communication channel between them, 

this end a message authentication code (MAC) can be These two solutions necessarily imply that at least one 

associated with the downloaded program for verifying not secret parameter known to the filter software F 62 is stored 

only its integrity but also its source. The MAC can be in the interpreter software 20, 71. 

generated using a symmetrical cryptography mechanism 65 In the second solution the filter software F 62 authenti - 

(DES in chained CBC mode). The source and integrity can cates the interpreter software 20, 71 using a conventional 

also be verified using an asymmetrical cryptography mecha- authentication process based on information sent by the 
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interpreter software 20, 71 and combined with the secret in accordance with secret parameters contained in the micro- 
parameter. At the level of the interpreter software 20, 71 this processor or microprocessors of the terminal when the user 
authentication procedure is executed by the software 72 enters a PIN. If the terminal 1 includes two microprocessors 
(FIG. 8A) or the software 76 (FIG. 8B), depending on the 2, 3, for example, the password 300 is stored in the secure 

embodiment of the terminal module concerned. 5 microprocessor 3, encrypted 310 using the PIN 315 and a 

This authentication mechanism can equally be applied to secret X 305, and then sent to the micro controller 2 
messages exchanged between the programs to construct il * decrypted 320 using the key X 305 also stored in 

message authentication codes for guaranteeing the source the micro controller 2 and the PIN 315 entered by the user, 
and the integrity of each message transmitted. ^ ^chamsm aims to protect agamst substitution of one 

In the case of the mode of execution described with 10 oflhetwo mtcroprocessors. 

reference to FIG. 4A, this solution nevertheless requires, for ^f™!? t° FIG. 12, the same principle can be applied to 

preference, physical protection of the link between the two a ca 1 rd/t '™ m ^ «> mbl " au °° each D tlme a microcircuit card is 

microprocessors to be assured to prevent a hacker from ^ ^ **t*imm,l module. PersonabzaUon can consist 

reading the data exchanged and in particular the personal m the tran ? laU on "? ftw " e ^ h ^ \l mrd 400 baSed 

. , , mNn r 4 . _ „ . • i „* _ on secret information XI 407 held by the secure micropro- 

ldentification code (PIN) of the card, which the user may 15 , . , _ , . J _ . v _ *_ 

need to enter via the keyboard 5 to carry out transactions. ^ r 131 of lhe c " d , 31 XCKl ">f°™ation X2 405 he d 

Q Protection of a secret parameter by the standard micro b y * e te .™ nal moduk *> for f xllm P' e ' ^ , same 
controller 2 as Ascribed heremabove can be used to calculate 420 the 

The foregoing description shows the necessity of storing P**™ 6 4 , 00 ' ™ s P^sword, generated 410 the first time 

at least one secret parameter in the interpreter software. The 20 ' he le ™» module - "^ZTZf I 

mode of execution of the terminal based on a PC, in which * nown l ° thc ^ » djl*yed 430, 450, 460 on the screen 
the interpreter software executes on the PC itself, therefore 4 when th * te ™ ,nal module is used again with the card. The 
offers a Lited degree of security for the PC, although this ™? «*» MoK venfv md b ° a f ur , ed that , the ^™ mal m 
degree of security is sufficient to prevent a virus substituting lhea possession consisting of the terminal module con- 

itselffortheinterpretersoftware.Ahigherdegreeofsecurity 25 nected to the card, is authentic. 

is obtained by instiling the interpreter software in the ROM V Authentication of the microcircuit card by the terminal 

2c of the standard micro controller 2. For enhanced security m ° U e . » . 

4 „ t r iU ■ ^ , ^ . . ^ To enhance further the security of the transaction system 

the secret parameter or the micro controller 2 can be stored , . , t . . J . /. . 

. » l«l j • • « * ♦ «j in accordance with the invention, a conventional authenti- 

m the temporary memory when the product is manufactured . , , - 

ui . >• t * i -r ■ „ cation process can be used for authentication by the terminal 

or possibly on inserting the microprocessor 3 it it is 30 * . . ■ j ^ * 

ui • * * j ■* a tl •„ f t . ■ module 1, 101 of the microcircuit card used. An authenti- 

removable, or on an integrated circuit card. The aim oi this . ' _ , - , . , . , . 

* i_ cj u *, 4U . cation process of the above kind prevents the user s personal 

operation is to establish confidence between the two micro- . , /™ X tx j L , < . 4 4 , 

An ™ . • „ u~ tn \, an n * identification number (PIN), entered by the latter into the 

processors. All necessary precautions must be taken at the t ( . + M . At y , f \ - ' . . 
f. riU * s - *u *u % r 4 L „• module 1, 101 via the keyboard 5 to execute a secured 
time of this operation to assure the authenticity of the micro t ^ c . • i JL 4f*ju 
4 n / « * j u *u ™ , f _ . transaction, from being captured by a counterfeit card sub- 
controller 2 (operation effected by the manufacturer, opera- 35 , ' ! , i j 
, - i t . * i * j ■ .v. * „ stituted by a hacker for the user s authentic card and 
tion protected by transport keys stored in the temporary , ' JL . , , , 4 . _ TXT 

r ^41 ■ * ii i u *u ^ * j subsequently recovered by the hacker to read the PIN off the 

memory of the micro controller 2 by the manufacturer, and * _r j^l- 4t.4 ** u fC4ju 

! i *j r . • u • j-i ■ f ....... • j counterfeit card. This authentication can be effected by a 

knowledge of which is a precondition for initialising said _ , . . 

. * \ t jjt 4- 1 „ u ■ I, f means of a conventional challenge/response type 

secret parameter). In addition, conventional mechanisms for , , & ' /, ' 1 

a * * ■ 4 ■ / + * * \ „/n k fl *u a > n mechanism, for example, using a secret shared between the 

detecting intrusion (contacts, etc) will be fitted to erase the 40 » • i , < j . • 1 . v 

° • *u 4 r ■ 4 card and the terminal module and symmetrical cryptography 

temporary memory in the event of intrusion (by cutting off , , , , . . „ , . Jl \J 

i * \ or, as already described, using a private key stored by the 

the power supply, etc). ' y ' * A J . 7 

rvi *a * i *u *• 4- j 44- c card enabling the challenge to be encrypted using an asym- 

D) Mutual authentication and setting up or a secure . , , . . , - * j , *r- 
communication channel between the microprocessor of the metrlcal ^"'hm- the terminal module verifying the 
integrated circuit card and the secure microprocessor of the 45 response usmg lt s public key. 

. ■ , j , The architecture of the transaction system and the security 

terminal module , , ...... , .• 

This mutual authentication and the setting up of the secure ^'j™ 5 dcscnb f 6 l hereinabove make transactions 
communication channel are effected by mechanisms identi- effected ^ means of the terimnal 101 hl 8 hl y 

cal to those used by the standard micro controller 2 and the se ^ e ' . 

secure microprocessor executing the filter software, as 50 e ermula mo u e * 

described under B) above. ex P ands ^ nalure of me trul y secure scmces that a 

E) Authentication of the terminal module microcircuit card can provide, thanks to the keyboard 5, 
It is important to guard against any attack on the combi- the 4 and the Paction of data exchanged with 

nation of the keyboard 5, display 4 and secure micropro- tne user; and 

cesser 3 with the aim of counterfeiting the terminal module, 55 enables the card to be used in a non-secure environment 
for example, substituting a counterfeit terminal module for (PC susceptible to viruses or pirate programs), by 

a real terminal module in order to recover information hermetically isolating it from this environment by 

entered by the user (keyboard spy), access the secrets of an means of a software and/or hardware architecture 

integrated circuit card, falsify signatures. strictly controlling access to the card, i.e. controlling 

To this end a mechanism can be added to enable the user 60 commands sent to the cryptographic functions on the 
to authenticate the terminal. card - 

This objective is achieved by an automatic personalisation terminal module can take various forms, for example: 

process. an integrated circuit card reader for connection to a 

Authentication of the terminal module alone computer via various interfaces (PCMCIA, etc) or not 

Referring to FIG. 11, personalization can consist in cal- 65 (connection to a server via modem only); 
culating a password 300 that is easy to remember and that is a computer (PC) the user interfaces of which consist in the 
generated 310 and displayed 330, 350, 360 by the terminal screen and the keyboard of the PC and which includes 
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an integrated circuit card reader. The PC will include (dl) at least one programmable memory for storing at 

software and/or hardware means (such as a secure least one filter program for translating said high-level 

second microprocessor, the standard microprocessor requests into at least one of either: 

consisting of the PC itself) for assuring the integrity (dli) of at least one elementary command or a 

and the confidentiality of the filter software. By com- 5 sequence of elementary commands for being 

puter is meant a PC or a PDA (Personal Digital executed by said second software means of said 

Assistant)* second data processing means, or 

. , ' ... . , , ... T „~ , (dlii) at least one sequence of data exchanges 

a keyboard, possible provxded with an LCD display said module and ^ 

screen, incorporating a secure microprocessor and an ^ imcrface mea ns, said data exchanges 

integrated circuit card interface; 10 being executed by ^ first ^ ware means of ^ 

a telephone, possible equipped with a display, incorpo- first data processing means, and 

rating a secure microprocessor and an integrated circuit (d2) means for protecting said filter program to prevent 

card interface; an unauthorized entity from either reading or rnodi- 

a cable TV network decoder (set-top box) incorporating fying said filter program, and 

an integrated circuit card reader connected to a TV, the 15 (e) at least one of said first data processing means of said 

telephone, a keyboard or possibly the remote controller terminal module and said second data processing 

for the decoder or the TV providing the user interface; means of said personal security device comprise 

more generally, any equipment that can be rendered < cl ) ^ fi T f Q ^ P roccssin S dcvicc for executing said 

secure by incorporating a secure microprocessor in _ n . . . er program. 

... J ... r .? A . i * i 11 j i_ 20 2. A terminal according to claim 1 wherein said first data 

which a sensitive application can be installed or by ^ dcvicc for cxc * mi the fi]tcr ^ compriscs 

incorporating an integrated circuit card interface fifst meaflS for a( ^ Qne of identifying and au(henucating 

enabhng said equipment to be controlled by an appli- said ap p Ucation installed on said electronic unit or the 

cation installed on an integrated circuit card. source of said high-level requests received from said appli- 

The whole of the foregoing description describes a ter- 25 cation, 

minal to be used with an integrated circuit card or smart 3. A terminal according to claim 2 wherein said first data 

card. The card referred to is in fact a tool enabling the use processing device for executing said filter program further 

of cryptographic functions personalised to one user by comprises means for verifying the integrity of data received 

means of at least one secret parameter. The object of the from said application. 

invention is clearly not limited to a given form of tool such 3Q 4. A terminal according to claim 1 wherein said first data 
as an integrated circuit card. The invention also covers the processing device for executing said filter program corn- 
use of personal security devices offering functions equiva- prises centralized means for controlling conditions of use of 
lent to those of an integrated circuit card but presented in a services of the personal security device in accordance with 
different form, such as the "iButton", "Java Ring" and at least one of said application and the user, 
"token" products. 35 5. A terminal according to claim 1 wherein said first data 

What is claimed is: processing device for executing said filter program com- 

1. A terminal that enables a user to execute secure prises: 

electronic transactions in conjunction with at least one (i) means for commanding the loading, in a secure manner 

application installed on an electronic unit, said terminal preventing physical interference and logical interfer- 

comprising: 40 e nce by an unauthorized entity, of said filter program 

(a) a terminal module comprising: into said programmable memory via one of said first 
(al) first interface means for interfacing with said interface means and said third interface means from an 

application and for receiving from said application entity external to said terminal module, and 

high-level requests relating to said transactions, nrs t access control means for authorizing said loading 

(a2) second interface means for interfacing with said 45 0 f sa j d fiit er program only in response to at least one 

user, predefined condition. 

(a3) third interface means for interfacing with a per- g a terminal according to claim 1 further comprising 

sonal security device, and second means that enables said second data processing 

(a4) first data processing means comprising means to authenticate said first data processing means. 

(a4i) at least first software means for controlling said 50 7. a terminal according to claim 1 further comprising 

first, second and third interface means; and third means that enable said first data processing means to 

(b) a personal security device comprising authenticate said second data processing means. 

(bl) second data processing means comprising at least 8. A terminal according to claim 6 or claim 7 further 

(bli) second software means for executing elemen- comprising (i) a first communication channel between said 

tary commands, 55 first data processing means and said second data processing 

(blii) means for executing cryptographic means, said first communication channel including said third 

computations, and interface means and (ii) first means for securing said first 

(bliii) first means for securing said second data communication channel against access by an unauthorized 

processing means against physical access and entity. 

logical access by an unauthorized entity, 60 9. A terminal according to claim 1 further comprising 

wherein, fourth means that enable said user to authenticate said 

(c) said terminal module receives said high-level requests terminal module, independently of said personal security 
from said application installed on said electronic unit, device. 

said high level requests being independent of said 10. A terminal according to claim 9 wherein said fourth 

personal security device, 65 means comprise: 

(d) at least one of said terminal module and said personal means for calculating, on the basis of a first secret 
security device comprises: parameter stored in said first data processing means, a 
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password known to said user using said first data channel on the basis of at least a fifth secret parameter stored 

processing means and in memory in said first data processing means and in 

means for presenting said calculated password to said user memory in said second data processing means, 

via said second interface means. 18 A terminal according to claim 16 wherein said third 

11. A terminal according to claim 1 further comprising s securing means comprise first physical means for physically 
fifth means that enable said user to conjointly authenticate P^cUag said second communication channel against 
said terminal module and said personal security device. m - n Sl ° n ' . . j-.i--i.i_. -j c . 

12. A terminal according to claim 11 wherein said fifth 19 *nnmal according to claim 15 wherein said first 

microprocessor of said first data processing means includes 

means comprise: . r . • -j C al 

^ r . , , m a temporary memory for storing said fifth secret parameter 

means for computing, on the basis of at least second and ^ fl icd means for h icall protecting ^ 

third secret paramters stored respectively in memory in temporary memory against 

said first data processing means and in memory in said 2Q A tcrminal accordiDg to claim 14 whcrcin said 

second data processing means, a password known to microprocessor fe a microcontroller, 

said user said using said first data processing device for 21. A terminal according to claim 14 wherein said second 

executing said filter program and daU processing means of said ^on&X security device 

means for presenting said computed password to said user comprise a second data processing device for execution of 

via said second interface means. sa j d f^ ter pr0 g ram i n a secure manner preventing physical 

13. A terminal according to claim 1 wherein said terminal access and logical access 5y an unauthorized entity and a 
module includes said programmable memory for storing programmable memory for loading and storing said filter 
said filter program. program, 

14. A terminal according to claim 13 wherein said filter said firs( software means of safd ^ ^ ssi 
program generates first commands for implementing said at means reoeiving said first commands for implementing 
least one sequence of data exchanges between said terminal ^ at ^ ^ sequence of datfl exchanges from of 
module and said user and wherein: ^ Qne of sakJ ^ daU processing device md said ^nd 

said first data processing means comprise data processing device respectively installed in said 

(i) a first microprocessor for controlling at least said terminal module and said personal security device, 
second interface means, said first microprocessor 2 2. A terminal according to claim 14 wherein said first 
being programmed by virtue of said first software microprocessor is the microprocessor of a personal 
means to execute said first commands generated by 3{) compmer , said personal computer being also interfaced to 
said filter program and sent to said first micropro- said m i crop rocessor. 

cesser for implementing said at least one sequence of 23. A terminal according to claim 13 wherein said filter 

data exchanges between said terminal module and program generates first commands for implementing said at 

said user and J east one sequence of data exchanges between said terminal 

(ii) a second microprocessor of the integrated circuit 35 module and said user and where i n: 

card type disposed in said terminal module and gaid firgt data essi means rise said first data 

including said programmable memory, processing device for executing said filter program, 

said second microprocessor executing said filter program said fir&t ^ ^ device comprising a micropro- 

to control said at least one sequence of data exchanges cessor for - 

between said terminal module and said user by means 4Q (i) execudn said mter m for translating said 

of said first commands sent to said first microprocessor high-level requests into said at least one sequence of 

and for applying said at least one sequence of at least data exchan es between said terminal module and 

one elementary command to said second data process- ^ uger and ^ said at ^ Qne elementary com . 

ing means, mand or said sequence of elementary commands for 

said second microprocessor comprising second means for 45 bcing executed by said second software means of 

securing said second microprocessor against physical said SKOad data processing means, and 

access and logical access by an unauthorized entity. controlling at least said second interface means 

15. A terminal according to claim 14 wherein said first using said first comma nds generated by said filter 
microprocessor for controlling at least the second interface program to implement said at least one sequence of 
means comprises a fourth secret parameter stored in memory 50 data exchanges between said terminal module and 
in said first data processing means, said user aad WDcre i n sa i d microprocessor comprises 

said second microprocessor being controlled by said filter means for securing said microprocessor against 

program to authenticate said first software means for physical access and logical access by an unautho- 

controlling at least the second interface means on the rized entity. 

basis of information sent by said first microprocessor 55 24. A terminal according to claim 23 wherein said micro- 

and combined at least with said fourth secret parameter. processor includes said programmable memory. 

16. A terminal according to claim 15 further comprising 25. A terminal according to claim 23 wherein said pro- 

(i) a second communication channel between said first grammable memory is external to said microprocessor, 
microprocessor for controlling at least the second inter- 26. A terminal according to claim 25 wherein said filter 
face means and said second microprocessor of the first <so program is stored in encrypted form in said programmable 
data processing means and memory and said microprocessor comprises means for read- 

(ii) third means for securing said second communication ing and decrypting said filter program to enable said execut- 
channel against access by an unauthorized entity. ing of said filter program. 

17. A terminal according to claim 16 wherein said second 27. A terminal according to claim 23 wherein said second 
means for securing comprise means for encryption and 65 data processing means of said personal security device 
decryption, by said first software means and by said second comprise a second data processing device for execution of 
microprocessor, of data sent on said second communication said filter program in a secure manner preventing physical 
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access and logical access by an unauthorized entity and a 
programmable memory for loading and storing said filter 
program, 

said first software means of said first data processing 
means receiving said first commands for implementing 
said at least one sequence of data exchanges from one 
of said first data processing device and said second data 
processing device respectively installed in said termi- 
nal module and said personal security device. 

28. A terminal according to claim 13 wherein: 

said filter program comprises at least one secret 
parameter, and wherein 

said second data processing means comprise second 
means of conditional access control for authorizing 
execution of said cryptographic computations in 
response to elementary commands generated by said 
filter program only if at least a second predefined 
condition depending on said at least one secret param- 
eter is satisfied. 

29. A terminal according to claim 13 wherein said termi- 
nal module comprises a personal computer and wherein 

said programmable memory includes the hard disk of said 
computer. 

30. A terminal according to claim 29 wherein said filter 
program comprises a loading/decrypting first module and an 
encrypting second module for said translation of said high- 
level requests, said first module commanding the loading of 
said second module into RAM of said computer and decryp- 
tion of said second module for execution of said filter 
program by said computer. 

31. A terminal according to claim 29 wherein said filter 
program comprises at least one first module installed on said 
personal computer and at least one second module installed 
on a security server, said personal computer and said secu- 
rity server being connected by a communication channel, 
said terminal further comprising means for enabling 
exchange of data between said first and second modules in 
a manner protecting against access by an unauthorized 
entity. 

32. A terminal according to claim 29 wherein said per- 
sonal security device is an integrated circuit card. 

33. A terminal according to claim 1 wherein said personal 
security device includes said programmable memory for 
storing said filter program. 

34. terminal according to claim 33 wherein said filter 
program generates first commands for implementing said at 
least one sequence of data exchanges between said terminal 
module and said user and wherein: 

said first data processing means comprise a first micro- 
processor for controlling at least said second interface 
means, 

said first microprocessor means being programmed by 
said first software means to execute said first com- 
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mands generated by said filter program and sent to said 
first microprocessor for implementing said at least one 
sequence of data exchanges between said terminal 
module and said user, and 
s said second data processing means comprise a second 
microprocessor of the integrated circuit card type dis- 
posed in said personal security device and including 
said programmable memory, said second microproces- 
1Q sor executing 

(i) said filter program for controlling said at least one 
sequence of data exchanges between said terminal 
module and said user by means of said first com- 
mands sent to said first microprocessor and 
!5 (ii) said elementary commands, said second micropro- 
cessor comprising means for securing said second 
microprocessor against physical access and logical 
access by an unauthorized entity. 

35. A terminal according to claim 34 wherein said first 
20 microprocessor for controlling at least said second interface 

means comprises one fourth secret parameter stored in 
memory in said first data processing means and wherein 
said second microprocessor of said personal security 
device is controlled by said filter program to authenti- 
25 cate said first microprocessor on the basis of informa- 
tion sent by said first microprocessor and combined at 
least with said fourth secret parameter. 

36. A terminal according to claim 34 wherein said second 
3 0 microprocessor of said personal security device commands 

the loading of said filter program into said programmable 
memory via said first interface means and said third inter- 
face means. 

37. A terminal according to claims 13 or 33 wherein said 
35 terminal module comprises an integrated circuit card reader 

and wherein 

said personal security device comprises an integrated 
circuit card, 

38. A system for performing secure transactions compris- 
40 ing at least one terminal according to claim 1 and at least one 

electronic unit including means for transmitting said high- 
level requests to said terminal. 

39. A system according to claim 38 wherein said at least 
45 one terminal comprises a plurality of terminals, wherein 

at least one server constitutes said electronic unit and 
wherein 

said system further comprises means for sending digital 
data between said at least one server and said plurality 
50 of terminals. 

40. A system according to claim 1 wherein said program- 
mable memory is a reprogrammable memory. 

***** 
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